Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PoC: Guard secret attributes against leaking to the logs V1.0 #1359

Closed
wants to merge 1 commit into from
Closed

PoC: Guard secret attributes against leaking to the logs V1.0 #1359

wants to merge 1 commit into from
+71 −0

Conversation

shundhammer
Copy link
Contributor

@shundhammer shundhammer commented Mar 12, 2024
edited
Loading

Proof of Concept [superseded]

Problem

Secret attributes of the wifi connection object might leak to the logs, e.g. if methods like inspect() are used.

Fix

Use a custom inspect() method that clones the original object and sanitizes all fields that should not be logged verbatim (replacing each one with a special string <sanitized>).

Related PR

Superseded by PR #1360 which uses attr_secret from YaST2::SecretAttributes.

@coveralls
Copy link

coveralls commented Mar 12, 2024
edited
Loading

Coverage Status

coverage: 80.8% (+0.02%) from 80.781%
when pulling 32ea09d on huha-fix-pw-leak
into 2ac81c0 on master.

@joseivanlopez
Copy link
Contributor

I think SecretAttributes mixin could be useful here, see https://github.com/yast/yast-yast2/blob/master/library/general/src/lib/yast2/secret_attributes.rb.

@shundhammer shundhammer mentioned this pull request Mar 13, 2024
Closed
@shundhammer shundhammer changed the title PoC: Don't leak passwords to the log (bsc#1221194) PoC: Guard secret attributes against leaking Mar 13, 2024
@shundhammer shundhammer changed the title PoC: Guard secret attributes against leaking PoC: Guard secret attributes against leaking to the logs Mar 13, 2024
@shundhammer shundhammer changed the title PoC: Guard secret attributes against leaking to the logs PoC: Guard secret attributes against leaking to the logs V1.0 Mar 13, 2024
@shundhammer
Copy link
Contributor Author

Superseded by PR #1360 which uses secret_attr from YaST::SecretAttributes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@teclator teclator

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@shundhammer @coveralls @joseivanlopez @teclator